Merge "Fix retrieving barbican endpoint from service catalog"
Jenkins authored 6 years ago
Gerrit Code Review committed 6 years ago
22 | 22 | class KeystonePassword(password.Password): |
23 | 23 | """This class represents a keystone password credential.""" |
24 | 24 | |
25 | def __init__(self, password, username=None, user_id=None, | |
25 | def __init__(self, password, auth_url=None, username=None, user_id=None, | |
26 | 26 | user_domain_id=None, user_domain_name=None, trust_id=None, |
27 | 27 | domain_id=None, domain_name=None, project_id=None, |
28 | 28 | project_name=None, project_domain_id=None, |
29 | 29 | project_domain_name=None, reauthenticate=True): |
30 | 30 | """Create a new Keystone Password Credential. |
31 | 31 | |
32 | :param string auth_url: Use this endpoint to connect to Keystone. | |
32 | 33 | :param string password: Password for authentication. |
33 | 34 | :param string username: Username for authentication. |
34 | 35 | :param string user_id: User ID for authentication. |
45 | 46 | one is going to expire. (optional) default True |
46 | 47 | """ |
47 | 48 | |
49 | self._auth_url = auth_url | |
48 | 50 | self._user_id = user_id |
49 | 51 | self._user_domain_id = user_domain_id |
50 | 52 | self._user_domain_name = user_domain_name |
59 | 61 | |
60 | 62 | super(KeystonePassword, self).__init__(username, |
61 | 63 | password) |
64 | ||
65 | @property | |
66 | def auth_url(self): | |
67 | """This method returns an auth_url.""" | |
68 | return self._auth_url | |
62 | 69 | |
63 | 70 | @property |
64 | 71 | def user_id(self): |
22 | 22 | class KeystoneToken(token.Token): |
23 | 23 | """This class represents a keystone token credential.""" |
24 | 24 | |
25 | def __init__(self, token, trust_id=None, domain_id=None, domain_name=None, | |
26 | project_id=None, project_name=None, project_domain_id=None, | |
27 | project_domain_name=None, reauthenticate=True): | |
25 | def __init__(self, token, auth_url=None, trust_id=None, domain_id=None, | |
26 | domain_name=None, project_id=None, project_name=None, | |
27 | project_domain_id=None, project_domain_name=None, | |
28 | reauthenticate=True): | |
28 | 29 | """Create a new Keystone Token Credential. |
29 | 30 | |
30 | 31 | :param string token: Token for authentication. The type of token |
31 | 32 | formats accepted are UUID, PKI, and Fernet. |
33 | :param string auth_url: Use this endpoint to connect to Keystone. | |
32 | 34 | :param string trust_id: Trust ID for trust scoping. |
33 | 35 | :param string domain_id: Domain ID for domain scoping. |
34 | 36 | :param string domain_name: Domain name for domain scoping. |
40 | 42 | one is going to expire. (optional) default True |
41 | 43 | """ |
42 | 44 | |
45 | self._auth_url = auth_url | |
43 | 46 | self._trust_id = trust_id |
44 | 47 | self._domain_id = domain_id |
45 | 48 | self._domain_name = domain_name |
50 | 53 | self._reauthenticate = reauthenticate |
51 | 54 | |
52 | 55 | super(KeystoneToken, self).__init__(token) |
56 | ||
57 | @property | |
58 | def auth_url(self): | |
59 | """This method returns an auth_url.""" | |
60 | return self._auth_url | |
53 | 61 | |
54 | 62 | @property |
55 | 63 | def trust_id(self): |
50 | 50 | "'keystone_password' auth_type."), |
51 | 51 | |
52 | 52 | # keystone credential opts |
53 | cfg.StrOpt('auth_url', | |
54 | help="Use this endpoint to connect to Keystone."), | |
53 | 55 | cfg.StrOpt('user_id', |
54 | 56 | help="User ID for authentication. Optional for " |
55 | 57 | "'keystone_token' and 'keystone_password' auth_type."), |
129 | 131 | elif conf.key_manager.auth_type == 'keystone_password': |
130 | 132 | return keystone_password.KeystonePassword( |
131 | 133 | conf.key_manager.password, |
134 | auth_url=conf.key_manager.auth_url, | |
132 | 135 | username=conf.key_manager.username, |
133 | 136 | user_id=conf.key_manager.user_id, |
134 | 137 | user_domain_id=conf.key_manager.user_domain_id, |
152 | 155 | |
153 | 156 | return keystone_token.KeystoneToken( |
154 | 157 | auth_token, |
158 | auth_url=conf.key_manager.auth_url, | |
155 | 159 | trust_id=conf.key_manager.trust_id, |
156 | 160 | domain_id=conf.key_manager.domain_id, |
157 | 161 | domain_name=conf.key_manager.domain_name, |
54 | 54 | help='Version of the Barbican API, for example: "v1"'), |
55 | 55 | cfg.StrOpt('auth_endpoint', |
56 | 56 | default='http://localhost/identity/v3', |
57 | deprecated_name='auth_url', | |
58 | deprecated_group='key_manager', | |
57 | 59 | help='Use this endpoint to connect to Keystone'), |
58 | 60 | cfg.IntOpt('retry_delay', |
59 | 61 | default=1, |
122 | 124 | endpoint=self._barbican_endpoint) |
123 | 125 | self._current_context = context |
124 | 126 | |
127 | # TODO(pbourke): more fine grained exception handling - we are eating | |
128 | # tracebacks here | |
125 | 129 | except Exception as e: |
126 | 130 | LOG.error("Error creating Barbican client: %s", e) |
127 | 131 | raise exception.KeyManagerError(reason=e) |
133 | 137 | return self._barbican_client |
134 | 138 | |
135 | 139 | def _get_keystone_auth(self, context): |
136 | auth_url = self.conf.barbican.auth_endpoint | |
137 | ||
138 | 140 | if context.__class__.__name__ is 'KeystonePassword': |
139 | 141 | return identity.Password( |
140 | auth_url=auth_url, | |
142 | auth_url=context.auth_url, | |
141 | 143 | username=context.username, |
142 | 144 | password=context.password, |
143 | 145 | user_id=context.user_id, |
153 | 155 | reauthenticate=context.reauthenticate) |
154 | 156 | elif context.__class__.__name__ is 'KeystoneToken': |
155 | 157 | return identity.Token( |
156 | auth_url=auth_url, | |
158 | auth_url=context.auth_url, | |
157 | 159 | token=context.token, |
158 | 160 | trust_id=context.trust_id, |
159 | 161 | domain_id=context.domain_id, |
167 | 169 | # projects begin to use utils.credential_factory |
168 | 170 | elif context.__class__.__name__ is 'RequestContext': |
169 | 171 | return identity.Token( |
170 | auth_url=auth_url, | |
172 | auth_url=self.conf.barbican.auth_endpoint, | |
171 | 173 | token=context.auth_token, |
172 | 174 | project_id=context.tenant) |
173 | 175 | else: |
128 | 128 | base.BaseTestCase): |
129 | 129 | |
130 | 130 | def get_context(self): |
131 | auth_url = CONF.identity.auth_url | |
131 | 132 | username = CONF.identity.username |
132 | 133 | password = CONF.identity.password |
133 | 134 | project_name = CONF.identity.project_name |
135 | 136 | project_domain_name = CONF.identity.project_domain_name |
136 | 137 | |
137 | 138 | ctxt = keystone_password.KeystonePassword( |
138 | username=username, password=password, | |
139 | auth_url=auth_url, username=username, password=password, | |
139 | 140 | project_name=project_name, |
140 | 141 | user_domain_name=user_domain_name, |
141 | 142 | project_domain_name=project_domain_name) |
164 | 165 | |
165 | 166 | return keystone_token.KeystoneToken( |
166 | 167 | token=auth.get_token(sess), |
168 | auth_url=auth_url, | |
167 | 169 | project_id=auth.get_project_id(sess)) |
36 | 36 | |
37 | 37 | # keystone token credential |
38 | 38 | [key_manager] |
39 | auth_url = 'http://192.169.5.254:5000' | |
39 | 40 | auth_type = 'keystone_token' |
40 | 41 | token = '5b4de0bb77064f289f7cc58e33bea8c7' |
41 | 42 | project_id = 'a1e19934af81420d980a5d02b4afe9fb' |
42 | 43 | |
43 | 44 | # keystone password credential |
44 | 45 | [key_manager] |
46 | auth_url = 'http://192.169.5.254:5000' | |
45 | 47 | auth_type = 'keystone_password' |
46 | 48 | username = 'admin' |
47 | 49 | password = 'passw0rd1' |